[Skiboot] [PATCH 0/4] secvar: ESL validation fixes
Nick Child
nnac123 at gmail.com
Fri Jun 25 06:51:04 AEST 2021
This series fixes bugs related to ESL validations as part of updating
secvars. The first patch is to ensure that an ESL buffer contains the
required amount of bytes before reading. The second patch has to do with
iterating through a chain of ESLs. Currently, we were not validating any
ESL after the first by forgetting to increase the pointer to the data
buffer. The last two patches fix an issue where the return code was not
being set on an error, thus allowing for success to be returned. The
difference between them is one bug appeared when parsing a newly submitted
ESL and one bug appeared when parsing the current secvar ESLs. All commits
come with a test to further demonstrate their respective bug and to ensure
it gets patched.
Thanks to Nayna Jain for helping me out.
Thanks and apologies for any confusion,
Nick Child
Nick Child (4):
secvar: ensure ESL buf size is at least what ESL header expects
secvar: Make `validate_esl_list` iterate through esl chain
secvar: return error if validate_esl has extra data
secvar: return error if verify_signature runs out of ESLs
libstb/secvar/backend/edk2-compat-process.c | 18 +-
libstb/secvar/test/data/multipletrimmedKEK.h | 225 +++++++++++++++++++
libstb/secvar/test/data/trimmedKEK.h | 161 +++++++++++++
libstb/secvar/test/secvar-test-edk2-compat.c | 72 ++++++
4 files changed, 471 insertions(+), 5 deletions(-)
create mode 100644 libstb/secvar/test/data/multipletrimmedKEK.h
create mode 100644 libstb/secvar/test/data/trimmedKEK.h
--
2.17.1
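
As an added illustration, not code from this patch series or from skiboot: a stand-alone walker over a chain of ESLs that checks the header fits before reading it, advances to each following ESL, and returns an error when bytes are left over. It assumes the UEFI EFI_SIGNATURE_LIST layout (16-byte type GUID followed by three little-endian 32-bit size fields); the function names and the sample chain are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

#define ESL_HDR 28u /* 16-byte type GUID + three little-endian uint32 size fields */

static uint32_t rd_le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of ESLs in buf[0..len), or -1 if any part is malformed. */
int count_valid_esls(const uint8_t *buf, size_t len)
{
    int count = 0;
    while (len > 0) {
        if (len < ESL_HDR)      /* header must fit before it is read; this */
            return -1;          /* also rejects leftover bytes after an ESL */
        uint32_t list = rd_le32(buf + 16);  /* SignatureListSize */
        uint32_t hdr = rd_le32(buf + 20), sig = rd_le32(buf + 24);
        if (list < ESL_HDR || list > len || hdr > list - ESL_HDR ||
            sig < 16 || (list - ESL_HDR - hdr) % sig != 0)
            return -1;          /* sizes must fit; entries must tile the list */
        buf += list;            /* advance to the next ESL in the chain */
        len -= list;
        count++;
    }
    return count ? count : -1;  /* an empty buffer is not a valid chain */
}

/* Constructed sample: one ESL, one all-zero entry; sizes < 256 so one byte each. */
static size_t make_esl(uint8_t *dst, uint8_t data_len)
{
    unsigned sig = 16u + data_len, list = ESL_HDR + sig;
    memset(dst, 0, list);
    dst[16] = (uint8_t)list;    /* low byte of SignatureListSize */
    dst[24] = (uint8_t)sig;     /* low byte of SignatureSize */
    return list;
}

/* Validate a constructed two-ESL chain with `trim` bytes cut off the end. */
int check_sample_chain(size_t trim)
{
    uint8_t buf[256];
    size_t n = make_esl(buf, 32);
    n += make_esl(buf + n, 48);
    return count_valid_esls(buf, n - trim);
}

int main(void) { return check_sample_chain(0) == 2 ? 0 : 1; }
```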